How to order a certificate for a shared domain

Hello!

We use Let’s Encrypt to provide SSL certificates to our clients as a hosting provider.

Usually they have their own domain names and delegate their DNS to us, but for those who don’t have any domain names we provide support for shared or technical subdomains on the domain na4u.ru.

This tech domain na4u.ru is used by many of our clients, and therefore we issued SSL certificates for them using Let’s Encrypt.

But recently we hit the rate limit.

And finally our question: how can we mitigate this problem?

Example domains of our clients are:

Response of ACME protocol:

Error creating new order :: too many certificates already issued

Message on tools.letsdebug.net

The Registered Domain (na4u.ru) has used 103 of 50 weekly certificates. ( https://tools.letsdebug.net/cert-search?m=domain&q=u969.na4u.ru&d=168)

1 Like

You can request a rate limit increase from Let’s Encrypt.

You may want to submit your domain to the Public Suffix List. The list’s documentation explains the reasons that it might be appropriate to do so, and they do not take submissions intended solely as a shortcut around Let’s Encrypt’s rate limits, but it would also have that side effect. (Let’s Encrypt would apply the rate limits separately to each third-level domain.)

https://publicsuffix.org/

2 Likes
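How the registered domain, and with it the per-domain weekly count, changes once na4u.ru is treated as a public suffix, shown as an added example that is not part of the original thread. The function names, the two suffix sets, the 103 hostnames and the simplified suffix matching are assumptions made for illustration.

```python
from collections import Counter

WEEKLY_LIMIT = 50  # certificates per registered domain per week, per the letsdebug message

def registered_domain(host, suffixes):
    """Longest matching public suffix plus one label to its left.

    Simplified matcher (assumption): exact suffix rules only, without the
    real list's wildcard (*.) and exception (!) rules.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # longest candidate suffix first
        if ".".join(labels[i:]) in suffixes:
            # i == 0 means the host is itself a public suffix: nothing to register
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None                            # no known suffix


def over_limit(cert_names, suffixes, limit=WEEKLY_LIMIT):
    """Count one certificate per name and return the registered domains above the limit."""
    counts = Counter()
    for name in cert_names:
        rd = registered_domain(name, suffixes)
        if rd is not None:
            counts[rd] += 1
    return {rd: n for rd, n in counts.items() if n > limit}


# Constructed sample: 103 single-name certificates issued in one week.
ISSUED = [f"u{n}.na4u.ru" for n in range(1, 104)]

PSL_BEFORE = {"ru"}             # na4u.ru is an ordinary registered domain
PSL_AFTER = {"ru", "na4u.ru"}   # hypothetical state after a PSL submission is accepted

if __name__ == "__main__":
    print("before:", over_limit(ISSUED, PSL_BEFORE))
    print("after: ", over_limit(ISSUED, PSL_AFTER))
```

The same suffix boundary is what browsers use to scope cookies, so each client subdomain also becomes its own cookie site once the suffix is listed.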

You can probably use a wildcard certificate, if you don’t need your clients to have the private key themselves.

It will not work for fourth level domains like these:

but it will make your life a lot easier for third levels.

3 Likes

Thanks for the reply.

@mnordhoff I think we will submit our domain to the Public Suffix List - not only because we hit the rate limit on Let’s Encrypt, but also to receive the other pluses of the PSL, e.g. security of cookies, etc.

@9peppe Good idea. But it has problems with websites that don’t have HTTPS (mixed content).

Please elaborate. I don’t see any relation between mixed content and wildcard certs.

1 Like

@9peppe I may have misinterpreted your answer. I thought that you offered to use a wildcard for all clients (my fault).
